Added security fix for CVE-2015-8547
This commit is contained in:
parent
fac88491dc
commit
ce4480e364
12
quassel.spec
12
quassel.spec
|
@ -1,7 +1,7 @@
|
|||
Name: quassel
|
||||
Summary: A modern distributed IRC system
|
||||
Version: 0.12.2
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
|
||||
License: GPLv2 or GPLv3
|
||||
Group: Applications/Internet
|
||||
|
@ -23,9 +23,8 @@ Provides: %{name}-gui = %{version}-%{release}
|
|||
|
||||
Requires: %{name}-common = %{version}-%{release}
|
||||
|
||||
# BZ1205130 - CTCP query Denial of Service
|
||||
## Upstream patch git commit id b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
|
||||
#Patch0: quassel-0.11.0-CTCP-query-crash.patch
|
||||
# Backported fix for CVE-2015-8547
|
||||
Patch0: quassel_0.11.1_CVE-2015-8547.diff
|
||||
|
||||
%description
|
||||
Quassel IRC is a modern, distributed IRC client,
|
||||
|
@ -67,7 +66,7 @@ Quassel client
|
|||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
#%patch0 -p1
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
mkdir build
|
||||
|
@ -125,6 +124,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Dec 15 2015 Christian Dersch <lupinix@mailbox.org> - 0.12.2-6
|
||||
- Added security fix for CVE-2015-8547
|
||||
|
||||
* Thu Sep 24 2015 Adam Miller <maxamillion@fedoraproject.org> - 0.12.2-5
|
||||
- Bump spec release because I typo'd and now it's in koji forever
|
||||
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
diff -Naur quassel-0.11.1/src/core/coreuserinputhandler.cpp quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp
|
||||
--- quassel-0.11.1/src/core/coreuserinputhandler.cpp 2015-04-23 23:00:06.000000000 +0200
|
||||
+++ quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp 2015-12-15 20:21:56.170741238 +0100
|
||||
@@ -232,7 +232,7 @@
|
||||
if (!isNumber || maxModes == 0) maxModes = 1;
|
||||
|
||||
QStringList nickList;
|
||||
- if (nicks == "*") { // All users in channel
|
||||
+ if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
|
||||
const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
|
||||
foreach(IrcUser *user, users) {
|
||||
if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))
|
Loading…
Reference in New Issue